Solved: Re: ISE 3.3 Patch 8– /opt Disk Utilization Increase and Considera0tion

ImranPervaiz67648 · ‎01-16-2026

Hello,

After installing Patch 8 on Cisco ISE version 3.3 Patch-7, we have observed a significant increase in /opt disk utilization. The disk usage increased from approximately 22% to 56% within one month after the patch installation and this is only happened on PAN and SPAN, I have checked the PSNs and its working normal without increasing the /opt disk. Prior to Patch 8, disk growth was stable and did not show this trend.

At this time, no changes in logging level, profiling, or operational behavior have been identified that would justify this increase, which raises concern that the disk growth may be related to Patch 8 itself.

We reviewed the release notes for ISE 3.3 Patch 9, which states that the patch primarily addresses an issue where Security Group Access Control Lists (SGACLs) enforcement may fail on Cisco IOS XE Network Access Devices (NADs). In this environment, SGACLs are not in use, so the documented fix in Patch 9 does not directly apply to the customer’s deployment.

Given this, we would like to understand:

Whether Patch 9 includes undocumented fixes or improvements related to disk usage, log handling, or cleanup processes introduced in Patch 8.

If Cisco recommends installing Patch 9 as a general stability or maintenance patch, even when SGACL functionality is not used.

Or whether further investigation (e.g., specific log or database growth under /opt) is recommended before proceeding with another patch installation.

Based on the current information, it is unclear whether installing Patch 9 will resolve the observed /opt disk growth. Guidance on best practice in this scenario would be appreciated.

Kind regards,

Greg Gibbs · ‎02-18-2026

The new symptom might actually be this bug - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws61409

A QPR (Quick Patch Release) is in flight with the fix for this for all current versions of ISE (3.3-3.5). It is currently expected to be available within the next two weeks (staggered per version), but could slip past that timeline without notice if issues are found in testing.

View solution in original post

Cristian Matei · ‎01-19-2026

Hi,

I'm not aware of something specific to code version 3.3 patch 8, however, could be related to something broader, the process itself. Check this bug here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs08610

Sometimes, to avoid disk usage increase, when you deploy a new patch, rollback all previous patches and afterwards install the latest patch:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215406-patch-installation-on-ise-and-faq-durin.html#toc-hId-1369370882

Thanks,

Cristian.

ImranPervaiz67648 · ‎01-26-2026

I have created a cisco tac to resolve the issue, and i will update this thread accordingly.

Marcelo Morais · ‎01-26-2026

@ImranPervaiz67648 ,

please take a look at:

CSCwo67904 ISE ./oracle/base/diag/tnslsnr alert files not cleared and filling opt

CSCwf23446 /opt fills up due to .idx files under mnesia directory

Hope this helps !

ImranPervaiz67648 · ‎02-18-2026

After re-built the M&T database for both ISE nodes (PAN and SPAN), the /opt disk space goes down to 15%. But the disk is still increasing significantly after installing the Patch 8 and now Patch 9.

Greg Gibbs · ‎02-18-2026

The new symptom might actually be this bug - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws61409

A QPR (Quick Patch Release) is in flight with the fix for this for all current versions of ISE (3.3-3.5). It is currently expected to be available within the next two weeks (staggered per version), but could slip past that timeline without notice if issues are found in testing.

beepmeep · ‎02-18-2026

Afaik the hot patch for this bug is already released (I just patched a customer on 3.4P4 last week)..

https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CSCws61409

ImranPervaiz67648 · ‎02-20-2026

Thanks for the link, I hope this link will help me. But unfortunately i cannot open this Workaround TZ by this Cisco credentials.

ImranPervaiz67648 · ‎02-20-2026

@beepmeep This hot patch is release for ISE version 3.1 instead. (ise-apply-CSCws61409_3.1.x_patchall-SPA.tar.gz)

Marcelo Morais · ‎02-20-2026

@ImranPervaiz67648 ,

please take a look at: README for installing hot patch to fix CSCws61409.

You can install the ise-apply-CSCws61409_3.1.x_patchall-SPA.tar.gz on these versions:

ISE 3.3 P8
ISE 3.4 P1 to ISE 3.4 P4
ISE 3.5

Hope this helps !

ImranPervaiz67648 · ‎02-20-2026

@Marcelo Morais Thanks for update, Unfortunately i cannot install this hotpatch, because i already updated the ISE version 3.3 with Patch 9. and i cannot see anywhere that this hotpatch fixes the version 3.3 Patch9.

Marcelo Morais · ‎02-20-2026

@ImranPervaiz67648 ,

at Operations > Troubleshoot > Debug Wizard > Debug Log Configuration, please double check if the Log Level are Default:

Hope this helps !

ImranPervaiz67648 · ‎03-10-2026

@Marcelo Morais I have seen that the Cache Tracker is in Warn state with Custom as showing in the picture, Should i set as a default ?

ImranPervaiz67648 · ‎03-10-2026

furthermore, i have seen that Collector Debug collector on M&T nodes are also set custom with Warn

Marcelo Morais · ‎03-10-2026

Hi,

@ImranPervaiz67648 wrote:

furthermore, i have seen that Collector Debug collector on M&T nodes are also set custom with Warn

I have seen that the Cache Tracker is in Warn state with Custom as showing in the picture, Should i set as a default ?

yes, since you observed a significant increase in /opt disk usage, it’s important to remove anything that might affect the disk for testing purposes.

Note: please take a look at Release Notes for Cisco ISE 3.3 - Resolved Caveats for Patch 10.

Hope this helps !

ISE 3.3 Patch 8– /opt Disk Utilization Increase and Considera0tion P-9